Machine-Level Programming II: Control CSE 238/2038/2138: Systems Programming Instructor: Fatma CORUT ERGİN Slides adapted from Bryant & O Hallaron s slides 1
Today Control: Condition codes Conditional branches Loops Switch Statements 2
Processor State (x86-64, Partial) Information about currently executing program Temporary data ( %rax, ) Location of runtime stack ( %rsp ) Location of current code control point ( %rip, ) Status of recent tests ( CF, ZF, SF, OF ) Current stack top Registers %rax %rbx %rcx %rdx %rsi %rdi %rsp %rbp %rip %r8 %r9 %r10 %r11 %r12 %r13 %r14 %r15 Instruction pointer CF ZF SF OF Condition codes 3
Condition Codes (Implicit Setting) Single bit registers CF Carry Flag (for unsigned) SF Sign Flag (for signed) ZF Zero Flag OF Overflow Flag (for signed) Implicitly set (think of it as side effect) by arithmetic operations Example: addq Src,Dest t = a+b CF set if carry out from most significant bit (unsigned overflow) ZF set if t == 0 SF set if t < 0 (as signed) OF set if two s-complement (signed) overflow (a>0 && b>0 && t<0) (a<0 && b<0 && t>=0) Not set by leaq instruction 4
5
6
7
8
Condition Codes (Explicit Setting: Compare) Explicit Setting by Compare Instruction cmpq Src2, Src1 cmpq b,a like computing a-b without setting destination CF set if carry out from most significant bit (used for unsigned comparisons) ZF set if a == b SF set if (a-b) < 0 (as signed) OF set if two s-complement (signed) overflow (a>0 && b<0 && (a-b)<0) (a<0 && b>0 && (a-b)>0) 9
Condition Codes (Explicit Setting: Test) Explicit Setting by Test instruction testq Src2, Src1 testq b,a like computing a&b without setting destination Sets condition codes based on value of Src1 & Src2 Useful to have one of the operands be a mask ZF set when a&b == 0 SF set when a&b < 0 10
Reading Condition Codes SetX Instructions Set low-order byte of destination to 0 or 1 based on combinations of condition codes Does not alter remaining 7 bytes SetX Condition Description sete ZF Equal / Zero setne ~ZF Not Equal / Not Zero sets SF Negative setns ~SF Nonnegative setg ~(SF^OF)&~ZF Greater (Signed) setge ~(SF^OF) Greater or Equal (Signed) setl (SF^OF) Less (Signed) setle (SF^OF) ZF Less or Equal (Signed) seta ~CF&~ZF Above (unsigned) setb CF Below (unsigned) 11
x86-64 Integer Registers 12
x86-64 Integer Registers %rax %al %r8 %r8b %rbx %bl %r9 %r9b %rcx %cl %r10 %r10b %rdx %dl %r11 %r11b %rsi %sil %r12 %r12b %rdi %dil %r13 %r13b %rsp %spl %r14 %r14b %rbp %bpl %r15 %r15b Can reference low-order byte 13
Reading Condition Codes (Cont.) SetX Instructions: Set single byte based on combination of condition codes One of addressable byte registers Does not alter remaining bytes Typically use movzbl to finish job 32-bit instructions also set upper 32 bits to 0 int gt (long x, long y) { return x > y; Register %rdi %rsi %rax Use(s) Argument x Argument y Return value cmpq %rsi, %rdi # Compare x:y setg %al # Set when > movzbl %al, %eax # Zero rest of %rax ret 14
Reading Condition Codes (Cont.) SetX Instructions: Set single byte based on combination of condition codes One of addressable byte registers Does not alter remaining bytes Typically use movzbl to finish job 32-bit instructions also set upper 32 bits to 0 int gt (long x, long y) { return x > y; Register %rdi %rsi %rax Use(s) Argument x Argument y Return value cmpq %rsi, %rdi # Compare x:y setg %al # Set when > movzbl %al, %eax # Zero rest of %rax ret 15
16
17
Today Control: Condition codes Conditional branches Loops Switch Statements 18
Jumping jx Instructions Jump to different part of code depending on condition codes jx Condition Description jmp 1 Unconditional je ZF Equal / Zero jne ~ZF Not Equal / Not Zero js SF Negative jns ~SF Nonnegative jg ~(SF^OF)&~ZF Greater (Signed) jge ~(SF^OF) Greater or Equal (Signed) jl (SF^OF) Less (Signed) jle (SF^OF) ZF Less or Equal (Signed) ja ~CF&~ZF Above (unsigned) jb CF Below (unsigned) 19
Conditional Branch Example (Old Style) Generation unix> gcc Og -S fno-if-conversion control.c long absdiff (long x, long y) { long result; if (x > y) result = x-y; else result = y-x; return result; absdiff: cmpq %rsi, %rdi # x:y jle.l4 movq %rdi, %rax subq %rsi, %rax ret.l4: # x <= y movq %rsi, %rax subq %rdi, %rax ret Register %rdi %rsi %rax Use(s) Argument x Argument y Return value 20
Expressing with Goto Code C allows goto statement Jump to position designated by label long absdiff (long x, long y) { long result; if (x > y) result = x-y; else result = y-x; return result; long absdiff_j (long x, long y) { long result; int ntest = x <= y; if (ntest) goto Else; result = x-y; goto Done; Else: result = y-x; Done: return result; 21
General Conditional Expression Translation (Using Branches) C Code val = Test? Then_Expr : Else_Expr; val = x>y? x-y : y-x; Goto Version ntest =!Test; if (ntest) goto Else; val = Then_Expr; goto Done; Else: val = Else_Expr; Done:... Create separate code regions for then & else expressions Execute appropriate one 22
Using Conditional Moves Conditional Move Instructions Instruction supports: if (Test) Dest Src Supported in post-1995 x86 processors GCC tries to use them But, only when known to be safe Why? Branches are very disruptive to instruction flow through pipelines Conditional moves do not require control transfer C Code val = Test? Then_Expr : Else_Expr; Goto Version result = Then_Expr; eval = Else_Expr; nt =!Test; if (nt) result = eval; return result; 23
Conditional Move Example long absdiff (long x, long y) { long result; if (x > y) result = x-y; else result = y-x; return result; Register %rdi %rsi %rax Use(s) Argument x Argument y Return value absdiff: movq %rdi, %rax # x subq %rsi, %rax # result = x-y movq %rsi, %rdx subq %rdi, %rdx # eval = y-x cmpq %rsi, %rdi # x:y cmovle %rdx, %rax # if <=, result = eval ret 24
Bad Cases for Conditional Move Expensive Computations val = Test(x)? Hard1(x) : Hard2(x); Both values get computed Only makes sense when computations are very simple Risky Computations val = p? *p : 0; Both values get computed May have undesirable effects Computations with side effects val = x > 0? x*=7 : x+=3; Both values get computed Must be side-effect free Bad Performance Unsafe Illegal 25
Today Control: Condition codes Conditional branches Loops Switch Statements 26
Do-While Loop Example C Code long pcount_do (unsigned long x) { long result = 0; do { result += x & 0x1; x >>= 1; while (x); return result; Goto Version long pcount_goto (unsigned long x) { long result = 0; loop: result += x & 0x1; x >>= 1; if(x) goto loop; return result; Count number of 1 s in argument x ( popcount ) Use conditional branch to either continue looping or to exit loop 27
Do-While Loop Compilation Goto Version long pcount_goto (unsigned long x) { long result = 0; loop: result += x & 0x1; x >>= 1; if(x) goto loop; return result; Register %rdi %rax Use(s) Argument x result movl $0, %eax # result = 0.L2: # loop: movq %rdi, %rdx andl $1, %edx # t = x & 0x1 addq %rdx, %rax # result += t shrq %rdi # x >>= 1 jne.l2 # if (x) goto loop rep; ret 28
General Do-While Translation C Code do Body while (Test); Body: { Statement 1 ; Statement 2 ; Statement n ; Goto Version loop: Body if (Test) goto loop 29
General While Translation #1 While version while (Test) Body Goto Version #1 goto test; loop: Body test: if (Test) goto loop; done: 30
While Loop Example #1 C Code long pcount_while (unsigned long x) { long result = 0; while (x) { result += x & 0x1; x >>= 1; return result; Goto Version #1 long pcount_goto_jtm (unsigned long x) { long result = 0; goto test; loop: result += x & 0x1; x >>= 1; test: if(x) goto loop; return result; Compare to do-while version of function Initial goto starts loop at test 31
General While Translation #2 While version while (Test) Body Do-While Version if (!Test) goto done; do Body while(test); done: Goto Version #2 if (!Test) goto done; loop: Body if (Test) goto loop; done: 32
While Loop Example #2 C Code long pcount_while (unsigned long x) { long result = 0; while (x) { result += x & 0x1; x >>= 1; return result; Goto Version #2 long pcount_goto_dw (unsigned long x) { long result = 0; if (!x) goto done; loop: result += x & 0x1; x >>= 1; if(x) goto loop; done: return result; Compare to do-while version of function Initial conditional guards entrance to loop 33
For Loop Form General Form for (Init; Test; Update ) Body #define WSIZE 8*sizeof(int) long pcount_for (unsigned long x) { size_t i; long result = 0; for (i = 0; i < WSIZE; i++) { unsigned bit = (x >> i) & 0x1; result += bit; return result; { Init i = 0 Test i < WSIZE Update i++ Body unsigned bit = (x >> i) & 0x1; result += bit; 34
For Loop While Loop For Version for (Init; Test; Update ) Body While Version Init; while (Test ) { Body Update; 35
{ For-While Conversion Init i = 0 Test i < WSIZE Update i++ Body unsigned bit = (x >> i) & 0x1; result += bit; long pcount_for_while (unsigned long x) { size_t i; long result = 0; i = 0; while (i < WSIZE) { unsigned bit = (x >> i) & 0x1; result += bit; i++; return result; 36
Today Control: Condition codes Conditional branches Loops Switch Statements 37
long switch_eg (long x, long y, long z) { long w = 1; switch(x) { case 1: w = y*z; break; case 2: w = y/z; /* Fall Through */ case 3: w += z; break; case 5: case 6: w -= z; break; default: w = 2; return w; Switch Statement Example Multiple case labels Here: 5 & 6 Fall through cases Here: 2 Missing cases Here: 4 38
Jump Table Structure Switch Form switch(x) { case val_0: Block 0 case val_1: Block 1 case val_n-1: Block n 1 Translation (Extended C) goto *JTab[x]; jtab: Jump Table Targ0 Targ1 Targ2 Targn-1 Jump Targets Targ0: Targ1: Targ2: Code Block 0 Code Block 1 Code Block 2 Targn-1: Code Block n 1 39
Switch Statement Example long switch_eg(long x, long y, long z) { long w = 1; switch(x) {... return w; Setup: switch_eg: movq %rdx, %rcx cmpq $6, %rdi # x:6 ja.l8 jmp *.L4(,%rdi,8) What range of values takes default? Register %rdi %rsi %rdx %rax Use(s) Argument x Argument y Argument z Return value Note that w not initialized here 40
Switch Statement Example long switch_eg(long x, long y, long z) { long w = 1; switch(x) {... return w; Setup: Indirect jump Jump table switch_eg: movq %rdx, %rcx cmpq $6, %rdi # x:6 ja.l8 # Use default jmp *.L4(,%rdi,8) # goto *JTab[x].section.rodata.align 8.L4:.quad.L8 # x = 0.quad.L3 # x = 1.quad.L5 # x = 2.quad.L9 # x = 3.quad.L8 # x = 4.quad.L7 # x = 5.quad.L7 # x = 6 41
Assembly Setup Explanation Table Structure Each target requires 8 bytes Base address at.l4 Jumping Direct: jmp.l8 Jump target is denoted by label.l8 Jump table.section.rodata.align 8.L4:.quad.L8 # x = 0.quad.L3 # x = 1.quad.L5 # x = 2.quad.L9 # x = 3.quad.L8 # x = 4.quad.L7 # x = 5.quad.L7 # x = 6 Indirect: jmp *.L4(,%rdi,8) Start of jump table:.l4 Must scale by factor of 8 (addresses are 8 bytes) Fetch target from effective Address.L4 + x*8 Only for 0 x 6 42
Jump Table Jump table.section.rodata.align 8.L4:.quad.L8 # x = 0.quad.L3 # x = 1.quad.L5 # x = 2.quad.L9 # x = 3.quad.L8 # x = 4.quad.L7 # x = 5.quad.L7 # x = 6 switch(x) { case 1: //.L3 w = y*z; break; case 2: //.L5 w = y/z; /* Fall Through */ case 3: //.L9 w += z; break; case 5: case 6: //.L7 w -= z; break; default: //.L8 w = 2; 43
Code Blocks (x == 1) switch(x) { case 1: //.L3 w = y*z; break;....l3: movq %rsi, %rax # y imulq %rdx, %rax # y*z ret Register %rdi %rsi %rdx %rax Use(s) Argument x Argument y Argument z Return value 44
Handling Fall-Through long w = 1;... switch(x) {... case 2: w = y/z; /* Fall Through */ case 3: w += z; break;... case 2: w = y/z; goto merge; case 3: merge: w = 1; w += z; 45
Code Blocks (x == 2, x == 3) long w = 1;....L5: # Case 2 movq %rsi, %rax cqto switch(x) { idivq %rcx # y/z... jmp.l6 # goto merge case 2:.L9: # Case 3 w = y/z; movl $1, %eax # w = 1 /* Fall Through */.L6: # merge: case 3: addq %rcx, %rax # w += z w += z; break;... ret Register Use(s) %rdi %rsi %rdx %rax Argument x Argument y Argument z Return value 46
Code Blocks (x == 5, x == 6, default) switch(x) {... case 5: //.L7 case 6: //.L7 w -= z; break; default: //.L8 w = 2;.L7: # Case 5,6 movl $1, %eax # w = 1 subq %rdx, %rax # w -= z ret.l8: # Default: movl $2, %eax # 2 ret Register %rdi %rsi %rdx %rax Use(s) Argument x Argument y Argument z Return value 47
Summarizing C Control if-then-else do-while while, for switch Assembler Control Conditional jump Conditional move Indirect jump (via jump tables) Compiler generates code sequence to implement more complex control Standard Techniques Loops converted to do-while or jump-to-middle form Large switch statements use jump tables Sparse switch statements may use decision trees (if-elseif-elseif-else) 48
Summary Today Control: Condition codes Conditional branches & conditional moves Loops Switch statements Next Time Stack Call / return Procedure call discipline 49